Cache poisoning in Litestar before 2.20.0 allows unauthenticated remote attackers to exploit improper Unicode normalization in the FileStore cache backend to create collisions between cache keys, enabling one URL to serve another URL's cached responses. Public exploit code exists for this vulnerability. An attacker can leverage this to serve malicious cached content to users accessing legitimate endpoints.
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filter_var(..., FILTER_VALIDATE_IP) to block a specific list of IP addresses. [CVSS 6.5 MEDIUM]
SSRF bypass in Craft CMS 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 allows unauthenticated attackers to access cloud metadata endpoints and internal IP addresses through the saveAsset GraphQL mutation by exploiting Guzzle's automatic redirect handling. The vulnerability bypasses hostname and IP blocklist protections that validate only the initial request URL, enabling attackers to reach sensitive internal resources. Public exploit code exists; patched versions 4.16.18 and 5.8.22 are available.
Craft CMS versions 3.5.0-4.16.17 and 5.0.0-RC1-5.8.21 contain a server-side request forgery vulnerability in the save_images_Asset GraphQL mutation that allows authenticated users to bypass hostname validation and retrieve internal URLs by specifying domains resolving to private IP addresses. By uploading files with non-image extensions like .txt, attackers can bypass downstream validation to access sensitive data including AWS instance metadata credentials from the host system. Public exploit code exists for this vulnerability, though patches are available in versions 4.16.18 and 5.8.22.
Litestar versions before 2.20.0 improperly escape regex metacharacters in the allowed_hosts middleware, allowing attackers to bypass hostname validation by supplying hosts that match the compiled regex pattern but differ from intended literal hostnames. Public exploit code exists for this vulnerability. The flaw affects the ASGI framework's ability to properly restrict incoming requests to authorized hosts.
SQL injection in code-projects Online Reviewer System 1.0 via the ID parameter in the questions-view.php file allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.
SQL injection in the login component of code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, which affects PHP-based installations of the Online Reviewer System. An attacker can exploit this to extract sensitive data, modify database contents, or potentially gain unauthorized system access.
SQL injection in code-projects Online Reviewer System 1.0 via the difficulty_id parameter in /system/system/admins/assessments/pretest/btn_functions.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in itsourcecode Event Management System 1.0 via the ID parameter in /admin/manage_user.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, putting all affected installations at immediate risk.
SQL injection in code-projects Online Music Site 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in AdminEditCategory.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
Online Music Site versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in the user deletion function, potentially leading to unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations vulnerable to active exploitation.
SQL injection in code-projects Online Reviewer System 1.0 via the difficulty_id parameter in /system/system/admins/assessments/pretest/loaddata.php allows remote attackers to execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could result in unauthorized data access, modification, or deletion within the application database.
SQL injection in code-projects Online Reviewer System 1.0 allows remote attackers to manipulate the test_id parameter in the exam-delete.php file, enabling unauthorized database access and modification without authentication. The vulnerability has public exploit code available and currently lacks a patch, posing an immediate risk to unpatched installations. Affected organizations using this system should prioritize mitigation strategies while awaiting official remediation.
SQL injection in code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the exam-update.php endpoint, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in the News Portal Project 1.0 administrator login interface allows unauthenticated remote attackers to manipulate the email parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could exploit this to extract sensitive data, modify database contents, or potentially escalate privileges within the application.
SumatraPDF versions 3.5.2 and earlier are vulnerable to a heap buffer over-read in the MOBI file parser due to incomplete bounds validation in the HuffDic decompressor, allowing attackers to crash the application by opening a malicious .mobi file. Public exploit code exists for this vulnerability. Local user interaction is required to trigger the vulnerability, and while denial of service is the primary impact, the out-of-bounds read could potentially leak sensitive memory contents.
SQL injection in code-projects Online Reviewer System 1.0 via the ID parameter in the assessment module allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available.
Filebrowser versions prior to 2.57.1 allow authenticated users to reset passwords without verifying the current password due to case-sensitive validation logic that can be bypassed using mixed-case field names in API requests. An attacker with a valid JWT token obtained through XSS, session hijacking, or similar means could exploit this to perform account takeover. Public exploit code exists for this vulnerability, and a patch is available.
Stored XSS in Craft CMS Number field settings (versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21) allows authenticated users with high privileges to inject malicious scripts via the Prefix or Suffix fields, which execute when the field is viewed on user profiles. Public exploit code exists for this vulnerability. Updates to versions 4.16.18 and 5.8.22 are available to remediate the issue.
Stored cross-site scripting in Craft CMS versions 5.0.0-RC1 through 5.8.21 allows authenticated users with high privileges to inject malicious scripts through Entry Type names that are not sanitized when displayed in the Entry Types list. An attacker exploiting this vulnerability can execute arbitrary JavaScript in the browsers of other users viewing the affected list, potentially compromising session data or performing unauthorized actions. Public exploit code exists for this vulnerability, though a patch is available in version 5.8.22 and later.
FileRise versions before 3.3.0 contain an HTML injection vulnerability that allows authenticated users to manipulate the DOM and inject malicious form or link elements to redirect users or trigger unauthorized actions. Public exploit code exists for this medium-severity flaw, and no patch is currently available. The vulnerability requires user interaction and valid credentials to exploit, limiting its immediate impact but creating risk for organizations running affected FileRise instances.
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). [CVSS 5.3 MEDIUM]
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. [CVSS 6.8 MEDIUM]
Insufficient permission validation in OpenProject prior to 17.0.2 allows users with the Manage Users permission to lock and unlock application administrators, a capability that should be restricted to administrators only. An authenticated attacker with user management privileges can exploit this to lock out admin accounts and potentially disrupt system administration capabilities. No patch is currently available for affected versions.
Tanium addressed a local privilege escalation vulnerability in Tanium Server. [CVSS 6.7 MEDIUM]
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. [CVSS 6.7 MEDIUM]
Windows services registered by Oki Electric Industry, Ricoh, and Murata Machinery products use unquoted file paths, allowing a local user with write access to the system drive root to achieve arbitrary code execution with SYSTEM privileges. This vulnerability requires elevated permissions and local access to exploit, making it primarily a privilege escalation risk in multi-user environments. No patch is currently available for affected products.
Dell Display and Peripheral Manager before version 2.2 on Windows contains an insecure link resolution flaw that allows local attackers with low privileges to escalate their access through the installer or service. An authenticated user can exploit improper symlink handling to gain elevated permissions on the system. No patch is currently available for this vulnerability.
PlaciPy is a placement management system designed for educational institutions. [CVSS 6.5 MEDIUM]
C&Cm@il by HGiga contains a SQL injection flaw (CWE-89) that allows authenticated users to execute arbitrary database queries and extract sensitive information. The vulnerability requires valid credentials but no user interaction, making it exploitable by compromised or malicious internal accounts. No patch is currently available for this medium-severity issue.
Airflow versions up to 3.1.6 contains a vulnerability that allows attackers to an authenticated user with custom permissions limited to task access to view tas (CVSS 6.5).
Apache Airflow 3.0.0 through 3.1.6 allows authenticated users with access to specific DAGs to view import error messages from other DAGs they lack permission to access, resulting in unintended information disclosure. An authenticated attacker can leverage this privilege escalation to gather sensitive information about other workflows and their configurations. Apache recommends upgrading to version 3.1.7 or later to remediate this vulnerability.
Markus versions up to 2.9.1 is affected by authorization bypass through user-controlled key (CVSS 6.5).
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. [CVSS 6.5 MEDIUM]
Cube.js versions 1.1.17 through 1.5.12 and 1.4.x before 1.4.2 are vulnerable to denial of service attacks where an authenticated attacker can craft a malicious request to completely disable the Cube API. This network-accessible vulnerability requires valid credentials but no user interaction, making it exploitable by any authenticated user with API access. No patch is currently available for affected versions.
Birtech Information Technologies Industry and Trade Ltd. Co. Senseway is affected by cleartext storage of sensitive information (CVSS 6.5).
Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 6.5 MEDIUM]
Youtrack versions up to 2025.3.119033 is affected by insertion of sensitive information into log file (CVSS 6.5).
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. [CVSS 6.1 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. [CVSS 6.1 MEDIUM]
Faraday HTTP client library versions before 2.14.1 fail to properly validate protocol-relative URLs when merging user-supplied paths with base URLs, allowing attackers to redirect requests to arbitrary hosts via SSRF attacks. Applications that pass untrusted input to Faraday request methods like get() or post() are vulnerable to request hijacking. A patch is available in version 2.14.1 and later.
LangSmith Client SDKs for Python and AI/ML platforms are susceptible to server-side request forgery through malicious HTTP baggage headers that allow attackers to redirect trace data exfiltration to attacker-controlled endpoints. An unauthenticated attacker can inject arbitrary api_url values during distributed tracing operations, causing the SDK to send sensitive trace data outside the intended infrastructure. No patch is currently available for this medium-severity vulnerability.
Python code execution through Pyodide in the mcp-run-python library lacks isolation from the JavaScript environment, enabling attackers to manipulate the JS runtime and hijack MCP server functionality. This allows adversaries to perform malicious operations including tool shadowing and potential server compromise through crafted Python payloads. No patch is available as the project is archived.
Pydantic-AI's MCP Run Python tool uses an insufficiently restrictive Deno sandbox configuration that permits Python code to access the host's localhost interface, enabling Server-Side Request Forgery (SSRF) attacks. An attacker can exploit this to probe or interact with services running on the local machine that should be isolated from external access. The archived project status means no patch is expected to be released.
Improper server identity validation in Eaton Network M3 firmware upgrade functionality enables man-in-the-middle attacks by network-adjacent threat actors with high privileges. An attacker can intercept and manipulate firmware updates to inject malicious code, compromise system integrity, or disrupt availability. No patch is currently available for this medium-severity issue.
Unity-Cli versions up to 1.8.2 is affected by insertion of sensitive information into log file (CVSS 5.5).
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. [CVSS 5.5 MEDIUM]
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). [CVSS 5.4 MEDIUM]
Fluent Forms Pro Add On Pack (WordPress plugin) is affected by server-side request forgery (ssrf) (CVSS 5.4).